1 Real-time protocol analysis for detecting link-state routing protocol 
attacks 

Ho-Yen Chang , S. Felix Wu , Y. Frank Jou 

ACM Transactions on Information and System Security (TISSEC) February 2001 
Volume 4 Issue 1 

A real-time knowledge-based network intrusion-detection model for a link-state routing 
protocol is presented for the OSPF protocol. This model includes three layers: a data 
process layer to parse packets and dispatch data; an event abstractor to abstract 
predefined real-time events for the link-state routing protocol; and an extended timed 
finite state machine to express the real-time behavior of the protocol engine and to ... 
2 Intrusion detection techniques for mobile wireless networks 80% 

Yongguang Zhang , Wenke Lee , Yi-An Huang 
Wireless Networks September 2003 
Volume 9 Issue 5 

The rapid proliferation of wireless networks and mobile computing applications has 
changed the landscape of network security. The traditional way of protecting networks 
with firewalls and encryption software is no longer sufficient and effective. We need to 
search for new architecture and mechanisms to protect the wireless networks and 
mobile computing application. In this paper, we examine the vulnerabilities of wireless 
networks and argue that we must include intrusion detection in the securit ... 



3 Securing information: Guarding the next Internet frontier: countering 80% 
denial of information attacks 

Mustaque Ahamad , Leo Mark , Wenke Lee , Edward Omiecinski , Andre dos Santos , Ling 
Liu , Calton Pu 

Proceedings of the 2002 workshop on New security paradigms September 2002 
As applications enabled by the Internet become information rich, ensuring access to 
quality information in the presence of potentially malicious entities will be a major 
challenge. Denial of information (DoI) attacks attempt to degrade the quality of 
information by deliberately introducing noise that appears to be useful information. The 
mere availability of information is insufficient if the user must find a needle in a 
haystack of noise that is created by an adversary to hide critical informat ... 
systems 

Wenke Lee , Salvatore J. Stolfo 

ACM Transactions on Information and System Security (TISSEC) November 2000 
Volume 3 Issue 4 

Intrusion detection (ID) is an important component of infrastructure protection 
mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, and 
extensible. Given these requirements and the complexities of today's network 
environments, we need a more systematic and automated IDS development process 
rather than the pure knowledge encoding and engineering approaches. This article 
describes a novel framework, MADAM ID, for Mining Audit Data for Automated Models 
for Intrusion ... 



5 Intrusion detection in wireless ad-hoc networks 80% 

Yongguang Zhang , Wenke Lee 

Proceedings of the 6th annual international conference on Mobile computing and 
networking August 2000 

As the recent denial-of-service attacks on several major Internet sites have shown us, 
no open computer network is immune from intrusions. The wireless ad-hoc network is 
particularly vulnerable due to its features of open medium, dynamic changing topology, 
cooperative algorithms, lack of centralized monitoring and management point, and lack 
of a clear line of defense. Many of the intrusion detection techniques developed on a 
fixed wired network are not applicable in this new environment. Ho ... 

6 Simple, state-based approaches to program-based anomaly detection 80% 

C. C. Michael , Anup Ghosh 

ACM Transactions on Information and System Security (TISSEC) August 2002 
Volume 5 Issue 3 

This article describes variants of two state-based intrusion detection algorithms from 
Michael and Ghosh [2000] and Ghosh et al. [2000], and gives experimental results on 
their performance. The algorithms detect anomalies in execution audit data. One is a 
simply constructed finite-state machine, and the other two monitor statistical 
deviations from normal program behavior. The performance of these algorithms is 
evaluated as a function of the amount of available training data, and they are 
compar ... 



7 Network security and intrusion detection: A methodology to detect 77% 
temporal regularities in user behavior for anomaly detection 

Alexandr Seleznyov 

Proceedings of the 16th international conference on Information security: 
Trusted information: the new decade challenge June 2001 

Network security, and intrusion detection in particular, represents an area of increased 
in security community over last several years. However, the majority of work in this 
area has been concentrated upon implementation of misuse detection systems for 
intrusion patterns monitoring among network traffic. In anomaly detection the 
classification was mainly based on statistical or sequential analysis of data often 
neglecting temporal events' information as well as existing relations between them. ... 